March 21, 2013 at 10:53 am

Miss the DRM Battle? Don’t Worry, It’s Coming to the Web


DRM, or digital rights management, used to be a big conversation point — and not just among techies. Steve Jobs even wrote a letter to the whole world in 2007 about how it needed to go away.

In a sense, DRM did vanish from music after the major labels dropped their requirements that iTunes and other download stores use it to “protect” their music from being played on many devices. But now, the online freedom activists over at Electronic Frontier Foundation are sounding the alarm that DRM could potentially be woven into the web itself with much broader implications for what you can listen to, read, or watch than iTunes-style DRM ever had.

The proposal in question is called Encrypted Media Extensions, or EME. If the people in charge of how the web works (the World Wide Web Consortium, or W3C for short) accept EME, and it becomes part of the web we use every day, something peculiar and unprecedented would take place. If you try to play music from a website, or access any other EME-restricted content, it will require you to have something. That something could be a browser plug-in, a verified subscription, or even a hardware dongle plugged into a computer. If you don’t have that thing, you can’t have the content.

That sort of approach is acceptable to most of us in a software context. We’re used to apps charging us for stuff, and restricting our access if we don’t. In fact, I have argued that apps are actually a form of DRM that makes sense. (Finally!)

Ironically, the same thing that lets the open web act more like an app, HTML5, could be the very thing that transforms it from an open standards-based place, where anyone can use any browser to access any web page, into countless little app silos.

Want to read If this thing passes the committee, we’ll be able to sell a hardware thing, or a software plug-in so that you can, and do it all using basic web standards.

Openness is precisely what makes the web so powerful; any regular browser can go to any website (outside of countries with restrictive regimes). The idea of DRM-ing the web is sure to freak plenty of people out — which is why the authors, from Google, Microsoft, and Netflix, take pains to claim that what they are proposing is not actually DRM:

“This proposal extends HTMLMediaElement to enable playback of protected content. The proposed API supports use cases ranging from simple clear key decryption to high value video (given an appropriate user agent implementation). License/key exchange is controlled by the application, facilitating the development of robust playback applications supporting a range of content decryption and protection technologies. No ‘DRM’ is added to the HTML5 specification, and only simple clear key decryption is required as a common baseline.”

However, as EFF’s Peter Eckersley and Seth Schoen point out, a web standard that requires people to have some particular thing in order to access some particular content is equivalent to DRM:

“EME’s authors keep saying that what CDMs are, and do, and where they come from is totally outside of the scope of EME, and that EME itself can’t be thought of as DRM because not all CDMs are DRM systems. Yet if the client can’t prove it’s running the particular proprietary thing the site demands, and hence doesn’t have an approved CDM, it can’t render the site’s content. Perversely, this is exactly the reverse of the reason that the World Wide Web Consortium exists in the first place…

“This is like saying, ‘we’re not vampires, but we are going to invite them into your house.’”

The best thing about HTML5 is that it makes the web act more like apps. It lets you can steer your browser through a 3D WebGL world, play real-world instruments in your browser, and do other neat stuff. Without W3C, the world couldn’t have agreed on how to make that stuff happen. It’s also what enabled Amazon to build a music store that lets iOS users buy music from there, even if Apple doesn’t want them to.

From a certain point of view, the web’s openness was a big mistake. This appears to be an attempt to correct that mistake, regardless of how the authors describe their proposal.

(via @aram)

  • jenny

    i think eme is a great idea.